Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xMmNnLXhmOXAtaDQ1N84AAYyu
Incomplete exclude pattern in Apache Struts
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors. In Struts 2.3.20.1 a better set of exlude patterns was defined.
Permalink: https://github.com/advisories/GHSA-q2cg-xf9p-h457JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMmNnLXhmOXAtaDQ1N84AAYyu
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
Identifiers: GHSA-q2cg-xf9p-h457, CVE-2015-1831
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-1831
- https://struts.apache.org/docs/s2-024.html
- https://github.com/apache/struts/commit/d832747d647df343ed07a58b1b5e540a05a4d51b
- https://github.com/advisories/GHSA-q2cg-xf9p-h457
Affected Packages
maven:org.apache.struts.xwork:xwork-core
Dependent packages: 59Dependent repositories: 484
Downloads:
Affected Version Ranges: >= 2.0.0, < 2.3.20.1
Fixed in: 2.3.20.1
All affected versions: 2.2.1, 2.2.3, 2.3.1
All unaffected versions: 2.3.3, 2.3.4, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.15, 2.3.16, 2.3.20, 2.3.24, 2.3.28, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.3.34, 2.3.35, 2.3.36, 2.3.37
maven:org.apache.struts:struts2-core
Dependent packages: 194Dependent repositories: 6,183
Downloads:
Affected Version Ranges: >= 2.0.0, < 2.3.20.1
Fixed in: 2.3.20.1
All affected versions: 2.0.5, 2.0.6, 2.0.8, 2.0.9, 2.0.11, 2.0.12, 2.0.14, 2.1.2, 2.1.6, 2.1.8, 2.2.1, 2.2.3, 2.3.1
All unaffected versions: 2.3.3, 2.3.4, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.15, 2.3.16, 2.3.20, 2.3.24, 2.3.28, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.3.34, 2.3.35, 2.3.36, 2.3.37, 2.5.1, 2.5.2, 2.5.5, 2.5.8, 2.5.10, 2.5.12, 2.5.13, 2.5.14, 2.5.16, 2.5.17, 2.5.18, 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27, 2.5.28, 2.5.29, 2.5.30, 2.5.31, 2.5.32, 2.5.33, 6.0.0, 6.0.3, 6.1.1, 6.1.2, 6.2.0, 6.3.0